My comment about SoS John Merrill and the lovely Ying Springylady:
Well well WELL well well.... Quite the little cutout in her little black dress.
Quite the little cutout in her little black dress.
*********************************
I thought something similar, but it would not be Bigg Red approved so I didn’t say it out loud. 😁
CodeMonkeyZ
Regarding today’s event: We had technical difficulties getting started and had communication issues due to server attacks on our communication lines and instability of the public live streams. People were asking why we didn’t run tools on the data. It is because we were not remoted into a Windows server that had the image loaded; we had just mounted a forensic image of the files and were able to view the file tree and files only. Due to the setup of the forensic image, we were not able to run tools such as regedit, event viewers, or dll analyzers. We could not run the executable files inside the forensic image. We did not have a windows server setup with the image loaded due to obtaining the publicly-available data at the last minute. There simply was not enough time to setup a server because the show was already scheduled and we wanted to do it live. We came across unprepared, and it is true in a sense because we had just obtained the data. It was my very first time looking at the data and I did not know what exactly would be found on the systems ahead of the event. Interestingly, we did uncover a few critical things: 1. There appeared to be web server logs which potentially indicate that the server was accepting and executing commands remotely. 2. Election related data pre-upgrade was not present on the machine post-upgrade. This indicates that election related data was deleted or otherwise removed during the upgrade process. 3. The server had a suspicious configuration script designed to remove server security, potentially opening the machine up to a network hack. These issues warrant additional investigation.